About this article
This article explains how to configure SAML2 as an authentication method in Templafy.
Pre-requisites
Set up Authentication Method
- Go to the Account tab in the left-side menu of the Admin Center
- Go to the Authentication tab
- Click on Add authentication method
- Enter the Authentication method id (see below)
- Enter the Login button name (see below)
- Select SAML2 in the drop-down
- Follow the instructions below for the configuration you selected (dynamic or manual)
- Configure Advanced options (if necessary)
- Click Save
Authentication Method Id
The Authentication method ID is a unique, non-editable value that identifies the authentication method itself. It is a required field and can be passed as an installation parameter in a Templafy Desktop deployment or distributed via a Registry key. When the client is deployed with this id, users are not asked to pick an authentication method each time the refresh token is renewed; the login completes silently without their interaction.
Login Button Name
This name will be shown to users when logging into Templafy, if multiple authentication methods are configured on the tenant. It is therefore imperative to give the button a meaningful and distinctive name to better guide users to the correct authentication method.
Advanced options
You can restrict access to specified email domains with the Restricted domains setting, or restrict access based on the Discriminator claim name setting. You can also enter a Home realm to assist users in signing in.
Dynamic Configuration
When you opt for dynamic configuration, you do not have to maintain the metadata when it changes on the IdP's side. For example, if a new signing certificate is generated on the customer's side, Templafy fetches the updated metadata from the metadata URL in real time without any user interaction, and no manual change to the authentication method settings is required. Because whatever that URL serves becomes the trusted signing certificate, the metadata location should be an HTTPS URL under the IdP's control.
- Metadata location = URL where the IdP metadata for this application can be fetched
- Entity ID = Uniquely identifies the application. The IdP sends this value to the application as the Audience of the SAML token, and the application is expected to validate that it matches exactly.
Manual Configuration
By opting for manual configuration, you have two options:
- Enter the required fields manually by copy-pasting them from the metadata XML file provided by the customer
- Use the Fetch metadata button to extract the information from the metadata URL you specify
- Metadata location = URL where the IdP metadata for this application can be fetched
- Entity ID = Uniquely identifies the application. The IdP sends this value to the application as the Audience of the SAML token, and the application is expected to validate that it matches exactly.
- Single sign-on service URL = IdP endpoint that Templafy sends the user to for authentication and sign-on.
- Primary signing certificate (Base64) = Certificate whose public key verifies the signature on the SAML tokens sent to the application. This certificate establishes the trust between the IdP and the application.
- Secondary signing certificate (Base64) = A newly generated IdP certificate can be uploaded here in advance; Templafy falls back to it once the customer switches the IdP to the new certificate, so the rotation does not cause a login outage.
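The fields above (for both the dynamic and the manual configuration) are all present in standard SAML 2.0 IdP metadata. The following is an added example, not Templafy's own code, that pulls them out of a metadata document the way you would before filling in the manual form: it keeps only certificates that may sign assertions (an encryption-only key must never become a trust anchor), collapses line-wrapped Base64 into the single blob the form expects, treats the first signing certificate as primary and a second one as the pre-published secondary, and refuses a non-HTTPS SSO endpoint. It also shows the exact-match Audience check the article says the application must perform. The sample metadata and its certificate bodies are constructed placeholders; the ordering rule for primary/secondary certificates and the function names are assumptions, not Templafy behaviour.

```python
"""Parse SAML 2.0 IdP metadata into the fields a manual SAML2 configuration asks for.

Added example, not Templafy's own code. Assumptions (not stated in the article):
  - the metadata is an <md:EntityDescriptor> carrying an <md:IDPSSODescriptor>
  - the first KeyDescriptor usable for signing is the current (primary) certificate and a
    second one is the pre-published rotation (secondary) certificate
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


@dataclass
class IdpSettings:
    idp_entity_id: str            # Issuer the IdP will put in its assertions
    sso_url: str                  # Single sign-on service URL
    sso_binding: str
    primary_signing_cert: str     # Base64 DER on one line, no PEM armour
    secondary_signing_cert: Optional[str] = None


def normalize_cert(text: str) -> str:
    """Collapse a line-wrapped Base64 (or pasted PEM) certificate into one Base64 blob."""
    lines = [ln.strip() for ln in text.splitlines()]
    return "".join(ln for ln in lines if ln and not ln.startswith("-----"))


def parse_idp_metadata(xml_text: str, preferred_binding: str = HTTP_REDIRECT) -> IdpSettings:
    # Metadata fetched from a URL is attacker-influenced input. ElementTree does not resolve
    # external entities, but parse customer-supplied XML with defusedxml in production code.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError(f"not a SAML EntityDescriptor: {root.tag}")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this looks like SP metadata, not IdP metadata")

    # Only keys marked use="signing" (or unmarked, which the spec defines as both) may verify
    # assertion signatures. An encryption-only key must never be accepted as a trust anchor.
    signing = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is not None and cert.text:
            signing.append(normalize_cert(cert.text))
    if not signing:
        raise ValueError("metadata carries no signing certificate")

    endpoints = {e.get("Binding"): e.get("Location")
                 for e in idp.findall("md:SingleSignOnService", NS)}
    binding = preferred_binding if preferred_binding in endpoints else next(iter(endpoints), None)
    if binding is None or not endpoints[binding]:
        raise ValueError("no SingleSignOnService endpoint in metadata")
    if not endpoints[binding].startswith("https://"):
        raise ValueError(f"refusing non-HTTPS SSO endpoint: {endpoints[binding]}")

    return IdpSettings(entity_id, endpoints[binding], binding, signing[0],
                       signing[1] if len(signing) > 1 else None)


def audience_matches(configured_entity_id: str, assertion_audience: str) -> bool:
    """The Audience in a received assertion must equal the configured Entity ID exactly;
    prefix or substring matching would let a token issued for another application be accepted."""
    return configured_entity_id == assertion_audience


# Constructed sample metadata (not a real IdP); certificate bodies are placeholders, not real DER.
SAMPLE_IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml2">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIBPRIMARYCERTBODYPARTONE
      PARTTWO
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIBSECONDARYCERTBODY
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIBENCRYPTIONONLYCERT
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml2/sso/redirect"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml2/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

if __name__ == "__main__":
    settings = parse_idp_metadata(SAMPLE_IDP_METADATA)
    for name, value in vars(settings).items():
        print(f"{name}: {value}")
```

Note that the entityID extracted here is the IdP's own identifier (the Issuer you will see in its assertions); the Entity ID field in the form is the application's identifier, which the IdP must be configured to emit as the Audience, and which is what audience_matches compares against.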